REMARKS 

The Office Action dated June 28, 2007 has been received and carefully noted. The 
above amendments to the claims, and the following remarks, are submitted as a full and 
complete response thereto. 

By this response, claims 1-12 have been amended to more particularly point out 
and distinctly claim the subject matter of the present invention, and claim 13 has been 
added. No new matter has been added. Support for the above amendments are provided 
in the Specification in at least paragraphs [0021] and [0028]-[0030]. Accordingly, claims 
1-13 are currently pending in the application, of which claims 1, 10, and 13 are 
independent claims. 

In view of the above amendments and the following remarks, Applicants 
respectfully request reconsideration and timely withdrawal of the pending drawing 
objections and claim rejections for the reasons discussed below. 

Drawing Objection 

The Office Action objected to Figure 1 as allegedly failing to comply with 37 
C.F.R. §1.74 because the figure does not include any reference characters to depict the 
system of claims 1-9. 

Applicants respectfully traverse the objection to Figure 1. 37 C.F.R. §1.84(p)(5) 

states "Reference characters not mentioned in the description shall not appear in the 

i 

drawings. Reference characters mentioned in the description must appear in the 
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drawings." Further, 37 C.F.R. §1.74 states "When there are drawings, there shall be a 
brief description of the several views of the drawings and the detailed description of the 
invention shall refer to the different views by specifying the numbers of the figures and to 
the different parts by use of reference letters or numerals. .." {emphasis added). 

Figure 1 identifies the structural elements of the claimed invention using reference 
letters. Accordingly, Applicants respectfully submit that Figure 1 is in compliance with 
the requirements of 37 C.F.R. §1.74. 

Therefore, Applicants respectfully request withdrawal of the objection to Figure 1, 
and respectfully submit that Figure 1 is in condition for issuance. 

Claim Rejections under 35 U.S.C. §112, Second Paragraph 

The Office Action rejected claims 1-9 under 35 U.S.C. §112, second paragraph as 
allegedly being indefinite for failing to particularly point out and distinctly claim the 
subject matter which Applicants regard as the invention. Specifically, the Office Action 
alleged that Applicants' specification does not disclose a specific embodiment of the 
"Internet Protocol Security service means" recited in claim 1 or the "interface means" 
recited in claim 2. 

Claims 1 and 2 have been amended to remove the "means" claim limitations. 
However, claim 13 has been added, reciting "internet protocol security service means." 
Applicants respectfully submit that the specification provides sufficient support for the 
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"internet protocol security service means" at least on pages 6 and 7 in paragraphs [0029] 
and [0030] in describing the IPSEC. 

Therefore, Applicants respectfully request withdrawal of the rejection of claims 1- 
9, and respectfully submit that claim 1, and the claims that depend therefrom, are in 
condition for allowance. 

Claim Rejections under 35 U.S.C. §1 02(e) 

The Office Action rejected claims 1-6, 8, and 10-12 under 35 U.S.C. §102(e) as 
being allegedly anticipated by Ludovici, et ah (U.S. Patent No. 6,636,898) ("Ludovici"). 
The Office Action alleged that Ludovici discloses or suggests every claim feature recited 
in claim 1 . 

Claim 1, upon which claims 2-9 are dependent, recites a system for remotely and 
transparently managing security associations of internet protocol security. The system 
includes an application device, a service device, and a communication network 
configured to connect the application device to the service device. The system also 
includes an internet protocol security service unit configured to provide one or more 
internet protocol security services comprising at least one of authentication services 
and encryption services, at least one management client configured to issue security 
association management requests to create and manage, with a session key management 
protocol, security associations for use by the provided internet protocol security services, 
and a management server configured to receive the security association management 
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requests issued from the at least one management client and to respond in connection 
with the internet protocol security service unit, to the security association management 
requests received at the management server. The internet protocol security service unit is 
deployed in the service device. The at least one management client is deployed in the 
application device. The management server is deployed in the service device. 

Claim 10, upon which claims 11 and 12 are dependent, recites a method of 
remotely and transparently managing security associations of internet protocol security. 
The method includes providing one or more internet protocol security service comprising 
at least one of authentication services and encryption services from an internet protocol 
security service unit, issuing security association management requests to create and 
manage, with a session key management protocol, security associations for use by the 
provided internet protocol security services, from at least one management client, 
receiving in a management server the security association management requests issued 
from the at least one management client, and responding, in connection with an internet 
protocol security service unit, to the security association management requests received 
at the management server. The internet protocol security service unit is deployed in a 
service device. The at least one management client is deployed in an application device. 
The management server is deployed in the service device. The application device is 
connected to the service device by a communication network. 
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As will be discussed below, Ludovici fails to disclose or suggest every claim 
feature recited in claims 1-6, 8, and 10-12, and therefore fails to provide the features of 
the claims discussed above. 

Ludovici is directed to a central management of connections in a virtual 
private network implementing IPSec and ISAKMP protocols. To allow this, a 
VPN connection manager is provided that is operable to start, stop, delete and 
query instantiated VPN connections (Ludovici, Abstract; col. 2, lines 33-37). 
Ludovici primarily discusses the functionality of the VPN connection manager 
(VPNCNM) and various objects of which are depicted in Figure 1. Further, Figure 
22 depicts an IKE Server 451, an IPSEC 452, and a VPNCNM 450 component. 
The VPNCNM 450 component requests security associations from the IKE Server 

451. The IKE Server 451 negotiates an SA, and then responds to the VPNCNM 450 

i 

component. Then, the VPNCNM 450 transfers information to IPSEC 452 
(Ludovici, Abstract; col. 8, line 47 to col. 9, line 21). 

Applicants respectfully submit that Ludovici fails to disclose or suggest 

every claim feature recited in claim 1, and similarly in claim 10. Specifically, 

i 

Ludovici fails to disclose or suggest at least three separate structural elements 

recited in claim 1, and similarly in claim 10. 

an internet protocol security service unit configured to provide one or 
more internet protocol security services comprising at least one of 
authentication services and encryption services, said internet protocol 
security service unit deployed in said service device; 
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at least one management client configured to issue security association 
management requests to create and manage, with a session key 
management protocol, security associations for use by said provided 
internet protocol security services, said at least one management client 
deployed in said application device ; and 

a management server configured to receive said security association 
management requests issued from said at least one management client 
and to respond in connection with said internet protocol security service 
unit, to said security association management requests received at said 
management server, said management server deployed in said service 
device (emphasis added). 

Rather, Ludovici discloses IKE server 451, corresponding to a common prior art 
security association or key management application, and IPSEC 452, corresponding to a 
common prior art IPsec service means. Ludovici fails to explicitly state whether IKE 
server 451 and IPSEC 452 are deployed in a single device or in separate devices. One of 
ordinary skill in the art at the time the invention was made would have understood that 
IKE server 451 and IPSEC 452 in Ludovici were deployed in a single device, since this is 
the only implementation orientation known, as shown in Ludovici at col. 3, lines 23-25, 
with reference to co-pending U.S. Application No. 09/239,693, now U.S. Patent No. 
6,330,562, issued to Boden, et ah ("Boden"), which Ludovici indicates contains related 
subject matter. Boden discloses that IKE application 16 and IPSec 202 for a one 
connection end-point are deployed in a single VPN node 18, i.e. in a single device 
(Boden, Figure 1; col. 3, line 51 to col. 4, line 1). Accordingly, one of ordinary skill in 
the art, in view of the disclosure of Ludovici and Boden, would have understood that IKE 
server 451 and IPSEC 452 are deployed in a single VPN device. Thus, Ludovici fails to 
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teach or suggest the aforementioned structural elements deployed in separate devices as 
recited in claim 1 . 

Accordingly, the Office Action fails to demonstrate that Ludovici discloses or 
suggests every claim feature recited in claim 1. Claims 2-6 and 8 depend from claim 1. 
Claims 11 and 12 depend from claim 10. Accordingly, claims 2-6, 8, and 11-12 should 
be allowable for at least their dependency upon an allowable base claim, and for the 
limitations recited therein. 

Therefore, Applicants respectfully request withdrawal of the rejection of claims 1- 
6, 8, and 10-12 under 35 U.S.C. § 102(e), and respectfully submit that claims 1 and 10, 
and the claims that depend therefrom are now in condition for allowance. 

Claim Rejections under 35 U.S.C. §1 03(a) 

The Office Action rejected claims 7 and 9 under 35 U.S.C. §103(a) as allegedly 
unpatentable as obvious over Ludovici. 

As will be discussed below, Ludovici fails to disclose or suggest every claim 
feature recited in claims 7 and 9, and therefore fails to provide the features of the claims 
discussed above. 

Ludovici was discussed above. As previously noted, Ludovici fails to disclose or 
suggest every claim feature recited in claim 1. Claims 7 and 9 depend from claim 1. 
Accordingly, claims 7 and 9 should be allowable for at least their dependency upon an 
allowable base claim, and for the limitations recited therein. 
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Therefore, Applicants respectfully request withdrawal of the rejection of claims 7 
and 9 under 35 U.S.C. § 103(a), and respectfully submit that claims 1 and 10, and the 
claims that depend therefrom are now in condition for allowance. 



New Claim 13 

New claim 13 has its own scope, but contains recitations similar to those discussed 
above with regard to claims 1 and 10. Specifically, Ludovici fails to disclose or suggest 
at least 

internet protocol security service means for providing one or more 
internet protocol security services comprising at least one of 
authentication services and encryption services, said internet 
protocol security service means being deployed in said servicing 
means; 

at least one management client means for issuing security 
association management requests to create and manage, with a 
session key management protocol, security associations for use by 
said provided internet protocol security services, said at least one 
management client means being deployed in said application means; 
and 

management server means for receiving said security association 
management requests issued from said at least one management client 
means and for responding, in connection with said internet protocol 
security service unit, to said security association management requests 
received at said management server, said management server means 
being deployed in said servicing means 

as recited in claim 13. 

Therefore, Applicants respectfully submit that claim 13 is in condition for 
allowance. 
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CONCLUSION 

In conclusion, Applicants respectfully submit that Ludovici fails to disclose or 
suggest every claim feature recited in claims 1-13. The distinctions previously noted are 
more than sufficient to render the claimed invention unanticipated and unobvious. 
Applicants further submit that Figure 1 is in compliance with the requirements of 37 
C.F.R. §1.74. It is therefore respectfully requested that all of claims 1-13 be allowed, and 
this present application passed to issuance. 

If for any reason the Examiner determines that the application is not now in 
condition for allowance, it is respectfully requested that the Examiner contact, by 
telephone, Applicants* undersigned attorney at the indicated telephone number to arrange 
for an interview to expedite the disposition of this application. 
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In the event this paper is not being timely filed, Applicants respectfully petition for 
an appropriate extension of time. Any fees for such an extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 

Respectfully submitted, 




Brad Y. Chin 
Registration No. 52,738 
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